Targeting companies looking for more secure authentication systems, Ping Identity announced on Monday two products addressing identity federation and SSO (secure single sign-on).

PingFederate 4 is designed to let companies with linked networks have a single authentication point for users. The software includes role-based administration tools, logging capabilities for compliance and supports clusters of geographically distributed servers, said Mike Donaldson, vice president of marketing for Ping Identity.

The software also support four protocols used in sharing identity credentials: WS-Federation, SAML (Security Assertion Markup Language) 1.0, SAML 1.1 and SAML 2.0. Donaldson said about 60 percent of their customers are implementing SAML 2.0, a specification ratified in February 2005.

Companies are increasingly looking to identity federation projects to reduce costs associated with password management and make it easier for users. For example, a company could allow those logged into their human resources Web site to be directed to retirement plan information hosted by a different company without re-entering their login and password.

PingFederate 4 is available for a free trial download that expires after six months or 100,000 transactions, whichever comes first, Donaldson said. Pricing varies, but one option allows the software to be used on any number of servers for up to 1 million transactions for $30,000, he said.

PingFederate runs on Microsoft's Windows servers and Linux, and will eventually be certified for Unix, Donaldson said.

PingLogin, which will ship in July, is middleware written in Java that allows various methods of strong identity authentication, such as the use of smart cards and biometrics, for access to applications.

In the past, companies have deployed proprietary login systems, and Ping Identity says its software streamlines identity verification and can quickly accommodate changes.

The software has an administration server used to manage a login server through a Web-based GUI (graphical user interface). The login server can collect credentials from different types of devices, such as smart phones, using transport protocols such as HTTP, SOAP (Simple Object Access Protocol) and XML (Extensible Markup Language).

Once a user has been authenticated, a security token is created that allows access to other applications.

The initial market for PingLogin will be commercial banks, which are adopting stronger authentication methods, said Ryan T. Hunter, director of product marketing.

The software will ship in July and costs $100,000 per server with a two CPU (central processing unit) limit. It will run on Windows 2003 server and Red Hat Network 3.1.